diff mbox

[BUGFIX,v2] KEYS: Fix for erroneous trust of incorrectly signed X.509 certs

Message ID 20160713175754.541-1-mathew.j.martineau@linux.intel.com (mailing list archive)
State New, archived
Headers show

Commit Message

Mat Martineau July 13, 2016, 5:57 p.m. UTC
Arbitrary X.509 certificates without authority key identifiers (AKIs)
can be added to "trusted" keyrings, including IMA or EVM certs loaded
from the filesystem. Signature verification is currently bypassed for
certs without AKIs.

Trusted keys were recently refactored, and this bug is not present in
4.6.

restrict_link_by_signature should return -ENOKEY (no matching parent
certificate found) if the certificate being evaluated has no AKIs,
instead of bypassing signature checks and returning 0 (new certificate
accepted).

Reported-by: Petko Manolov <petkan@mip-labs.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
---

The subject line for v1 was "Do not trust certs with missing auth
IDs". I've only updated the commit message for v2 to clarify the scope
and consequences of the bug.

 crypto/asymmetric_keys/restrict.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

James Morris July 14, 2016, 12:28 a.m. UTC | #1
On Wed, 13 Jul 2016, Mat Martineau wrote:

> Arbitrary X.509 certificates without authority key identifiers (AKIs)
> can be added to "trusted" keyrings, including IMA or EVM certs loaded
> from the filesystem. Signature verification is currently bypassed for
> certs without AKIs.
> 
> Trusted keys were recently refactored, and this bug is not present in
> 4.6.

Which kernel is this patch for?
David Howells July 14, 2016, 3:12 p.m. UTC | #2
Mat Martineau <mathew.j.martineau@linux.intel.com> wrote:

> Arbitrary X.509 certificates without authority key identifiers (AKIs)
> can be added to "trusted" keyrings, including IMA or EVM certs loaded
> from the filesystem. Signature verification is currently bypassed for
> certs without AKIs.
> 
> Trusted keys were recently refactored, and this bug is not present in
> 4.6.
> 
> restrict_link_by_signature should return -ENOKEY (no matching parent
> certificate found) if the certificate being evaluated has no AKIs,
> instead of bypassing signature checks and returning 0 (new certificate
> accepted).
> 
> Reported-by: Petko Manolov <petkan@mip-labs.com>
> Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>

Applied.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Mat Martineau July 14, 2016, 4:48 p.m. UTC | #3
On Thu, 14 Jul 2016, James Morris wrote:

> On Wed, 13 Jul 2016, Mat Martineau wrote:
>
>> Arbitrary X.509 certificates without authority key identifiers (AKIs)
>> can be added to "trusted" keyrings, including IMA or EVM certs loaded
>> from the filesystem. Signature verification is currently bypassed for
>> certs without AKIs.
>>
>> Trusted keys were recently refactored, and this bug is not present in
>> 4.6.
>
> Which kernel is this patch for?

It's for 4.7.

David just sent an email saying he's applied it. I'm not sure where, but 
it's likely work-in-process.

--
Mat Martineau
Intel OTC
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
David Howells July 14, 2016, 5:47 p.m. UTC | #4
Mat Martineau <mathew.j.martineau@linux.intel.com> wrote:

> David just sent an email saying he's applied it. I'm not sure where, but it's
> likely work-in-process.

I'm just collecting some fixes together.  Will send later on.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c
index ac4bddf..19d1afb9 100644
--- a/crypto/asymmetric_keys/restrict.c
+++ b/crypto/asymmetric_keys/restrict.c
@@ -87,7 +87,7 @@  int restrict_link_by_signature(struct key *trust_keyring,
 
 	sig = payload->data[asym_auth];
 	if (!sig->auth_ids[0] && !sig->auth_ids[1])
-		return 0;
+		return -ENOKEY;
 
 	if (ca_keyid && !asymmetric_key_id_partial(sig->auth_ids[1], ca_keyid))
 		return -EPERM;